Kyle, Assuming your DBs are in the current directory: certutil -L -d . -h "Builtin Object Token" will list all of the nicknames
Then you just add the -n "nickname" (and optionally -a to get base64) for each one like so: certutil -L -d . -n "Builtin Object Token:StartCom Certification Authority" -a -----BEGIN CERTIFICATE----- MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh ... <snip> I believe if you leave the -h "token name" part in, then your nicknames don't have to prepended with the token name, but it's probably easier to script the way I did it above. Dave -----Original Message----- How do I get the certificates out of the builtin object token? certutil only appears to work on cert8.db and key3.db, modutil won't add libnssckbi.dylib (it gives me error -2804 if I try), and I can't figure out how I'm supposed to do it. (I hope I don't have to use the slow, cumbersome, and insanely laid-out Firefox certificate browser to do this.) -Kyle H _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
